src: add initial ct helper support

This adds initial support for defining conntrack helper objects which can then be assigned to connections using the objref infrastructure: table ip filter { ct helper ftp-standard { type "ftp" protocol tcp } chain y { tcp dport 21 ct helper set "ftp-standard" } } Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-02-21 18:11:31 +0100
committer: Florian Westphal <fw@strlen.de> 2017-03-16 10:09:42 +0100
commit: 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch)
tree: a54d95ecbb4de9deeeee83f1353421ef690f135e /include/rule.h
parent: f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index ed12774d..d89a963d 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -260,6 +260,12 @@ struct quota {
 	uint32_t	flags;
 };
 
+struct ct {
+	char helper_name[16];
+	uint16_t l3proto;
+	uint8_t l4proto;
+};
+
 /**
  * struct obj - nftables stateful object statement
  *
@@ -277,6 +283,7 @@ struct obj {
 	union {
 		struct counter		counter;
 		struct quota		quota;
+		struct ct		ct;
 	};
 };
author	Florian Westphal <fw@strlen.de>	2017-02-21 18:11:31 +0100
committer	Florian Westphal <fw@strlen.de>	2017-03-16 10:09:42 +0100
commit	5ca4eb30d62e0ab2768d64de5c70931292213338 (patch)
tree	a54d95ecbb4de9deeeee83f1353421ef690f135e /include/rule.h
parent	f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff)